PT-2022-5103 · Palo Alto Networks · Pan-Os

Published

2022-10-12

Updated

2022-10-17

CVE-2022-0030

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PAN-OS versions prior to 8.1.24

Description The issue is related to an authentication bypass vulnerability in the web interface of PAN-OS, which allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions. The vendor has stated that they are not aware of any malicious exploitation of this issue.

Recommendations For PAN-OS versions prior to 8.1.24, update to version 8.1.24 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.

Fix

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-290

Related Identifiers

BDU:2022-06333

CVE-2022-0030

Affected Products

Pan-Os

PT-2022-5103 · Palo Alto Networks · Pan-Os

CVE-2022-0030

Weakness Enumeration

Related Identifiers

Affected Products

References · 7